[exim] Stopping spammers who won't accept rejection

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
Marc Sherman at ->
Delete this message
Reply to this message
Author: Chris Lear
Date:  
To: exim-users
Subject: [exim] Stopping spammers who won't accept rejection
I'm running a fairly small exim/spamassassin operation. It's on one
server, which does some other things as well. So I don't want it
spending all its time on spamassassin.

Exim is rejecting based on some blacklists at RCPT time, then running
the rest through sa (data acl), and rejecting based on score.
I have a graph which shows me accepted/rejected mail per half-hour.

What I used to see is the rejects line being uneven, but averaging about
20 per half hour throughout the day, week, and year with not much
radical variation.

But starting a week or 2 ago, the rejects are showing large peaks at
about 125 per half-hour at irregular intervals (4 or 5 times a day).

What is happening is that the spammer is sending basically the same
message, but with slight wording variations, to the same recipient(s)
about 100 times before getting tired and giving up.

I can live with this, and exim/sa is managing fine at the moment. I have
2 questions, though:

1) Is there a cunning bit of exim config to save spamassassin CPU cycles
on lots of similar mail from the same IP address all at the same time?
[It makes me wonder whether accepting and dropping would be my best
option, though I'm not going to do that]
2) Has anyone else noticed this trend of spammers trying to bore your
server into submission with variations of the same message?

Chris


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] delay with ratelimit[exim] Why was this undeliverable bounce not frozen and later deleted?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)